Commit Graph

2490 Commits

Author SHA1 Message Date
Tom Eastep
1870c281a9 Make AUDIT support params again.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-25 08:26:44 -08:00
Tom Eastep
dbfc805707 Add 'IU' state in secmarks
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-25 08:10:53 -08:00
Tom Eastep
b7e2b28562 Transfer tag when merging into an NFLOG/ULOG rule.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-24 09:04:56 -08:00
Tom Eastep
67e1e6cf91 Allow WHITELIST in IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-23 14:19:14 -08:00
Tom Eastep
cd2854cad0 Fix NFLOG/ULOG implementation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-23 13:49:43 -08:00
Tom Eastep
75c148a2dd Enable 'debug' on the try, stop and clear commands.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-23 11:46:14 -08:00
Tom Eastep
71bbc632ce Handle 'fw' correctly in the SOURCE column of the stoppedrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-23 08:35:51 -08:00
Tom Eastep
b6a1a7d538 Make NFLOG and ULOG built-ins.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-23 08:14:24 -08:00
Tom Eastep
30de211bda Implement format-3 conntrack files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-22 20:56:56 -08:00
Tom Eastep
3f7425b6a0 Purge %renamed before each table is processed.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-22 17:27:09 -08:00
Tom Eastep
26dee73895 Support the audited targets on IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-22 08:24:51 -08:00
Tom Eastep
df7ce1a7d1 Add the AUDIT built-in and delete the Audit action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-22 08:24:33 -08:00
Tom Eastep
4a05571e7e Add forward prototype for process_macro()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-22 08:00:15 -08:00
Tom Eastep
b89e05740d Insure that nested zone exclusions go in the proper place in raw PREROUTING
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-21 14:49:21 -08:00
Tom Eastep
3040156981 Add SWITCH column to the conntrack file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-21 14:20:56 -08:00
Tom Eastep
54dadcc546 Ensure that zone-specific rules come before 'all' rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-21 14:20:30 -08:00
Tom Eastep
952aed225d Improve handling of 'all' in the conntrack file.
- Also added 'all-' to represent all off-firewall zones.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-21 13:07:01 -08:00
Tom Eastep
1efd47a7e9 Apply Tuomo Soini's fix for RHEL5
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-21 10:34:00 -08:00
Tom Eastep
374489c3cf Revert "Fix RHEL5 issue with route marking."
This reverts commit 77f342b0e0.
2012-11-21 10:19:24 -08:00
Tom Eastep
77f342b0e0 Fix RHEL5 issue with route marking.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-21 09:08:15 -08:00
Tom Eastep
8f52c9744e Correct some issues with default action macros.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-21 08:29:35 -08:00
Tom Eastep
1957af04fd Don't create a _weight file for an optional non-provider interface.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-20 16:10:30 -08:00
Tom Eastep
a0faba2a03 Correct interface/provider handling.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-20 13:27:15 -08:00
Tom Eastep
c798200b20 Another correction to CHECKSUM detection.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-20 10:09:28 -08:00
Tom Eastep
67ae9df0f8 Correct handling of unknown interfaces in TC.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-20 08:07:42 -08:00
Tom Eastep
ebb4e1f6e4 Don't generate start/stop functions for wildcard optional interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-20 07:06:27 -08:00
Tom Eastep
f458e99390 Correct the compiler's CHECKSUM detection
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-20 06:59:40 -08:00
Tom Eastep
5b049d7e9e Improve readability in Rules module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-20 06:59:13 -08:00
Tom Eastep
3b20c0db54 Allow Macros to be used as Default Actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-19 16:52:10 -08:00
Tom Eastep
0d8931e49f Don't use ':' as a join character in contatenated macro ACTION expansion.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-19 12:58:29 -08:00
Tom Eastep
47791add99 Fix formatting of a line of code.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-19 12:30:25 -08:00
Tom Eastep
be587726f4 Merge branch '4.5.9' 2012-11-19 08:22:05 -08:00
Tom Eastep
b25ece75de Don't leave temporary chain in the raw table when LOAD_HELPERS_ONLY=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-19 08:18:32 -08:00
Tom Eastep
0db7b6c58a Don't require a parameter with '&'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 15:45:58 -08:00
Tom Eastep
57e913d86e Merge branch '4.5.9' 2012-11-18 15:02:46 -08:00
Tom Eastep
a4294658b6 Add a capability to use log levels as a target.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 14:50:59 -08:00
Tom Eastep
65e1b1c9e7 Allow NFLOG as a target
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 13:15:24 -08:00
Tom Eastep
a07cfb0885 Allow NFLOG as a target
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 13:13:43 -08:00
Tom Eastep
c6ffdd67e2 Add DROP target to the conntrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 11:35:40 -08:00
Tom Eastep
5265cd5bb7 Add UNTRACKED match to the secmarks file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 11:01:49 -08:00
Tom Eastep
5712438bcb Eliminate Shell syntax error when a provider and its interface have the same name.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-16 09:50:36 -08:00
Tom Eastep
a2b14c37ed Treat optional interfaces as pseudo-providers.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-16 09:48:21 -08:00
Tom Eastep
b1ffcd8628 Apply provider mask in 'routemark' chain.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-14 11:20:30 -08:00
Tom Eastep
34e3e4bf82 Merge branch '4.5.9' 2012-11-14 11:17:18 -08:00
Tom Eastep
06a4994488 Make exclusion work correctly with TPROXY.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-14 11:16:52 -08:00
Tom Eastep
391113dfe3 Apply provider mask in 'routemark' chain.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-13 06:55:59 -08:00
Tom Eastep
3c58d2180d Improve the efficiency of tcrule processing.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-13 06:55:35 -08:00
Tom Eastep
32c9e4274f Rename 'mysplit' to 'split_host_list'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-11 08:42:01 -08:00
Tom Eastep
896d874aab Set VARLIB in the script's initialize() function.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-09 12:29:19 -08:00
Tom Eastep
5fcdfd779c Don't default IPSET to 'ipset'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-09 08:54:54 -08:00
Tom Eastep
860ee6de27 Eliminate nonsensical warning message.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-06 07:36:36 -08:00
Tom Eastep
ec17ea1dee Remove superfluous check
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-03 08:19:46 -07:00
Tom Eastep
2e211bc2b6 Correct handling of wildcard interfaces in rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-03 07:24:41 -07:00
Tom Eastep
5f0b85b5b9 Replace a couple of more hard-coded directory names.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-30 09:49:53 -07:00
Tom Eastep
3f1aeb33be Correct mark range with shifted mask.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-26 12:41:06 -07:00
Tom Eastep
e177916c12 Implement statistical marking in the tcrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-26 07:10:26 -07:00
Tom Eastep
0387b16983 Implement CHECKSUM action in the tcrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-22 15:42:13 -07:00
Tom Eastep
6af16e0cda Allow quotes in parameter to run_iptables()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-14 13:26:08 -07:00
Tom Eastep
ab7975539c Correct typo in get_params()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-14 09:30:27 -07:00
Tom Eastep
dfd0692176 Omit IPv6-specific code from checkkernelversion() in IPv4 script
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-13 07:28:37 -07:00
Tom Eastep
8b650358d6 Don't shout in compiler directives
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-13 07:14:51 -07:00
Tom Eastep
cc90a06958 Add RESTORE_ROUTEMARKS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-11 07:34:57 -07:00
Tom Eastep
54e066ec3a Re-order logic in add_group_to_zone
- Need to normalize the address prior to comparing it with ALLIP

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-08 08:54:54 -07:00
Tom Eastep
620f88b339 Merge branch '4.5.8' 2012-10-07 17:41:01 -07:00
Tom Eastep
b7e6b1aa41 Allow IP range in the hosts file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-07 17:40:42 -07:00
Tom Eastep
c84603cdc6 Merge branch '4.5.8'
Conflicts:
	Shorewall/Perl/Shorewall/Zones.pm

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-07 17:04:27 -07:00
Tom Eastep
e2b029b0ba More hosts file corrections.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-07 17:00:35 -07:00
Tom Eastep
0efc0451c1 Allow IP range in the hosts file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-07 15:59:30 -07:00
Tom Eastep
9dd66fc6ff Allow IP range in the hosts file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-07 15:55:00 -07:00
Tom Eastep
0c9cc4a233 Change the 'dynamic' zone option to 'dynamic_shared'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-07 09:18:18 -07:00
Tom Eastep
c228668500 Implement logic associated with 'dynamic' zone option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-06 07:52:06 -07:00
Tom Eastep
afaba46aa3 Add 'dynamic' zone option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-06 07:21:49 -07:00
Tom Eastep
1f38a36acf Delete extraneous logic
Signed-off-by: Tom Eastep <teastep@shorewall.net>

Conflicts:

	Shorewall/Perl/Shorewall/Zones.pm
2012-10-04 09:45:25 -07:00
Tom Eastep
526f72216a Correct handling of dash characters in interface/ipset names.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-04 07:34:41 -07:00
Tom Eastep
642ff1be15 Correct handling of dash characters in interface/ipset names.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-02 10:09:23 -07:00
Tom Eastep
92d39dc56d Expunge the g_perllib variable
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-01 06:59:39 -07:00
Tom Eastep
a8e9296473 Expunge the g_sbindir variable
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-01 06:55:48 -07:00
Tom Eastep
749e239d15 Expunge the g_libexec variable
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-01 06:51:36 -07:00
Tom Eastep
30d4ba67cc Revert "Allow '-' in the interface for dynamic zone."
This reverts commit b68b34b820.
2012-09-30 16:25:35 -07:00
Tom Eastep
4ef81041be Delete extraneous logic
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-30 16:09:34 -07:00
Tom Eastep
b68b34b820 Allow '-' in the interface for dynamic zone.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-30 16:04:38 -07:00
Tom Eastep
4311dc5ddf Merge branch '4.5.8' 2012-09-29 09:03:12 -07:00
Tom Eastep
38faa3e071 Correct handling of new ipv6 net syntax in the hosts file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-29 09:01:17 -07:00
Tom Eastep
81f92546d8 Merge branch '4.5.8' 2012-09-29 08:08:00 -07:00
Tom Eastep
91e2c31a58 Correct handling of new ipv6 net syntax in the hosts file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-27 14:51:28 -07:00
Tom Eastep
9c893a0e21 Restore the original calling sequences of validate_[46]net()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-27 07:22:40 -07:00
Tom Eastep
ffcf262de4 Ensure that the 1:1 NAT chain jumps always come last in PREROUTING.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-26 15:46:52 -07:00
Tom Eastep
bac0f36818 Yet another fix for TTL/HL
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-24 16:23:15 -07:00
Tom Eastep
b451e10dd8 More fixes for HL and TTL
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-24 14:25:31 -07:00
Tom Eastep
6d0142525c Merge branch '4.5.8' 2012-09-24 08:44:07 -07:00
Tom Eastep
cf130a7e16 Correct handling of {+-}0 in the TTL and HL tcrule actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-24 07:14:44 -07:00
Tom Eastep
70c76f577c Permit "[<ipv6 address>]/vlsm" in addition to "[<ipv6 address>/vlsm]"
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-23 12:16:17 -07:00
Tom Eastep
607c93125c Don't unconditionally detect helpers when LOAD_HELPERS_ONLY=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>

Conflicts:
	docs/Internals.xml
2012-09-23 06:55:00 -07:00
Tom Eastep
32f89fa24b Don't unconditionally detect helpers when LOAD_HELPERS_ONLY=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-22 09:27:13 -07:00
Tom Eastep
4aeebb0b15 Merge branch '4.5.8' 2012-09-19 10:07:31 -07:00
Tom Eastep
e14f5e5199 Swicth from postincrement to preincrement when bumping 'filterpri'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-17 10:46:31 -07:00
Tom Eastep
483374d356 Continue development of the Internals document
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-17 07:52:18 -07:00
Tom Eastep
fc361afbc3 Disallow ':' as the only contents of the USER/GROUP column
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-16 16:25:41 -07:00
Tom Eastep
124dafbf52 Delete IPAddrs dependency from Compiler.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-16 15:48:06 -07:00
Tom Eastep
78f3255bf0 Correct getparams.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-16 09:06:32 -07:00